Who owns facebook applications & why do they need to access my private data?
Any Facebook application is indeed owned by the user creating it. Data associated with the functioning of that application is stored off-site (outside of Facebook, exception being Facebook’s own applications) and they need access to your information in order to call against your account: name, age, sex, etc. Without basic access to your account, they can’t even “install” the app on your account, however you can limit what’s accessible through the platform. The platform access, however, dictates what information people are able to see through your *friends* having added an application. Change privacy settings through the platform here: http://asu.facebook.com/privacy.php?view=platform&tab=all (Change subdomain to reflect yours, naturally.) See what you’re agreeing to when you install an application here. Cheers.
Even though the applications display through the Facebook interface they’re (almost) entirely hosted on separate servers. That would pretty much rule out the ambitious student or amateur programmer, who would almost certainly not have the spare & scalable server capacity to deal with a suddenly-popular app, unless they have some super-clever way of milking it for money.
There are definitely students and amateur programmers developing facebook apps, I’ve met a few and there are plenty more like them. I’m sure that more traffic than they can handle is a problem they’d like to have, but the truth is, a lot of apps don’t require that much horsepower, especially given how cheap hosting is today (yes, I know iLike claims to be running on an assload of servers). In addition, with the right architecture, you can buy computing by the hour and storage by the gig from amazon for less than outrageous prices. As other people have noted, the privileges you are granting apps are for access to core Facebook data, like who your friends are, the groups you belong to, your profile info, as well as things you’ve uploaded like photos. The apps are only supposed to cache this info for 24 hours, but, of course, an unscrupulous operator wouldn’t care about that, by the time Facebook banned them, they’d be long gone. I don’t know if anything has evolved for data exchange betw
